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This work shows how a secure Internet can be implemented through a fast key distribution 
system that uses physical noise to protect the transmitted information. Starting from a shared 
random sequence Kq between two (or more) users, long sequences R of random bits can be shared 
and not involving a third party. The signals sent over the Internet are deterministic but have a 
built-in Nature-made uncertainty that protects the shared sequences. After privacy amplification 
the shared R random bits -encrypted by noise- are subsequently utilized in one-time-pad data 
ciphering. The physical generated protection is not susceptible to advances in computation or 
mathematics. In particular, it does not depend on the difficulty of factoring prime numbers as 
many cryptography systems rely on. 
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INTRODUCTION 

The Internet is currently the main communication ve- 
hicle for citizens in general, banks and E-commerce. Pro- 
tocols based on mathematical complexities strive to offer 
a secure Internet while hackers attempt to break in for 
profits. As a matter of fact, the existing Internet offers 
only tenuous security. While a few security providers 
offer reasonable service within the current technological 
landscape, they are vulnerable to technological advances. 
A search for new paradigms to establish a secure Inter- 
net but not sensitive to technological or mathematical 
advances is ongoing. 

This paper describes how to implement a practical se- 
cure communication system for the Internet while avoid- 
ing altogether protocols based purely on mathematical 
complexities. This noise-encryption system relies on laws 
of Nature but also avoids single-photon state protocols 
such as BB84 jj. Single-photon protocols cannot be 
amplified and therefore do not work for the long-haul 
communications necessary for the Internet. Furthermore, 
signals from single-photon protocols cannot be converted 
from optical to electrical and back to optical without loss 
of security. Nor they are practical for wavelength multi- 
plexing (WDM) . These steps are necessary to the Inter- 
net. Alternative systems such as those using discrete or 
continuous variable processes and relying on homodync 
measurements (e.g., Ref. 0) are very sensitive to noise, 
which leads to low key rate transfer, and cannot work in 
the naturally disturbed and complex Internet networks. 

In the proposed implementation of a secure Internet 
deterministic ciphered signals go through arbitrary com- 
munication channels. They are ciphered by random sig- 
nals from physical sources in nonorthogonal M-ry bases. 
This system has evolved from a key distribution system 



recently proposed 0,0 (See also and 0). This secure 
Internet distributes deterministically random sequences 
of bits to be utilized in a fast "one-time-pad" scheme. 

A simplified but imperfect illustration of this system 
based on physical noise would be a public radio station 
emitter A that changes its carrier frequency in a very 
fast and truly random way. A user B who possesses a 
perfect knowledge of this random variation could set his 
tuner to automatically lock onto it. A clear sound or mes- 
sage would result. To an intruder who does not possess 
any information on the carrier variations, only noise will 
be detected. Actually, the presented cryptographic sys- 
tem does not rely on frequency variations but on random 
jumps among distinct nonorthogonal phase bases where 
the bits are inscribed. This is as far as this analogy goes. 

The security of the key distribution provided by this 
system relies on a few points: 1) A shared secrecy by A 
and B on a starting key sequence Kq and 2) a bit-by-bit 
uncertainty Nature-made noise Ni associated to each bit 
Ri and recorded on a interleaved M-ry nonorthogonal 
basis. Knowledge of K gives for the legitimate users the 
mapping of the bases jumps in the emitter and thus the 
bit Ri inscribed on each basis. Privacy amplification pro- 
cedures statistically exclude the eventually compromised 
fraction of shared bits. The sequences of random bits Ri 
will be generated by a truly random process and sent one- 
by-one between users A (Alice) and B (Bob). The batch 
of shared secret bits Ri will be used subsequently in one- 
time-pad ciphering. The noise Ni protects each bit Ri 
from the attacker E (Eve) and provides the information 
security level associated with all shared Ri. 

While this noise-secured Internet is logically equivalent 
to the optical system discussed on Refs. and it has 
a major distinctive feature: In Ref. the noise arises 
as part of the signal measurement by the attacker and 
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is inherent to the optical field in a fiber channel. Here 
the signal sent over the network is a recorded signal and, 
as such, it is deterministic but contains bit information 
Ri and the associated noise iVj. This is equivalent to 
recording the results of an exceedingly noisy experiment 
and giving them to two researchers for interpretation: 
one that knows how to subtract the noise and the other 
one, the attacker, that cannot get rid of the inherent 
noise. 



BASIC SCHEME 

The signals are created by a physical random gener- 
ator (PhRG). The noise N associated with the bit Ri 
inscribed onto the M-ry nonorthogonal basis (M > 2) 
produces the uncertainty measured by the attacker. This 
implies that the the emitter has to be equipped to detect 
and record the signals generated by the PhRG. In other 
words, the definition of the measuring system is made 
by the emitter, not the attacker. The signal sent is the 
signal controlled and measured by the emitter with a de- 
tection system of his choice. No restrictions are placed 
on the attacker to obtain the exchanged signals on a 
public channel. She may obtain perfect copies of the 
transmission. The signals emitted by the legitimate user 
obey constraints imposed to provide full security. Among 
the advantages of the proposed system are: 1) Any pub- 
lic channel may be used for transmission (optical fibers, 
TV, microwave, and so on); 2) The deterministic signals 
can be amplified with no security loss; 3) Signals can 
be converted from electromagnetic to electrical and back 
to electromagnetic with no security loss; 4) Wavelength 
multiplexing is allowed on the network; 5) Current Net- 
work and IP protocols can be used with no modifications 
for users in any IP classes. Fig. 2] shows a block diagram 
for one cycle of the key distribution system. It describes 
how legitimate users A and B distribute or transfer fresh 
random key bits generated by a PhRG (to be described 
ahead). Just to be more general, a description starting 
with a M— ry system of levels will be presented. At the 
end, this system will be simplified for a speed-up in the 
communication process with no security loss. 

A and B share a starting random key sequence 
(#1) designated by K (#2) of length L (See Fig. 

These L bits are divided into blocks of size Um 
(6(fciw), &(&m-i), —b{k\)) and each block defines ran- 
domly a basis koi over a nonorthogonal set of bases on a 
ciphering wheel (#3) with M bases, where M — 2 kM . 

k 0l = b{k M )2 kM ~ 1 + 6(fc M -i)2 fe "- 2 + ...6(fci)2° . (1) 

Given a feoi value (#4), a bit could be inscribed, e.g., 
in a uniform ciphering wheel such as the one shown in 
Ref. where the phase values defining each basis are 




TL> K li ^R u ,R l '...R, l ,R 22 ,...<^I 



FIG. 1: A sketch of one cycle of operations of the key distri- 
bution process in the Noise Secured Internet is shown. 
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fc 0i = 0,l,...M-l, (2) 



and a bit 1 will be inscribed displaced by ir with re- 
spect to bit over each basis. A PhRG (#5) generates 
random bits Ru (#6) that A would like to transfer se- 
curely to B. These signals contain noise Nu (#7) with 
a natural phase distribution (e.g., Gaussian distributed) 
of width (70. Ru can be understood in phase units (rd): 
values or tt for bits and 1. The Gaussian distribu- 
tion width (70 (Set such that < 7r/2) may be written 
00 = -kN^^/M where N a is the number of bases cov- 
ered by N{ (See Ref. Q). The signal to be sent over 
the generic Internet communication channel (#8) (net- 
work and servers) is Y\ = Ru + Nu + koi- The combined 
effects of Nu + koi is to hide the bit value Ru on the 
ciphering wheel (#9). Although containing random in- 
formation Y\ is a deterministic signal and as such can 
be amplified and converted into different signals through 
arbitrary nodes without any loss of security. 

B has to extract Ru from Y\. To this end he utilizes 
the same sequences from Kq utilized by A to generate 
the base values fcoi (#4). He subtracts this value from 
Y\ and obtains Ru + Nu (#10) and obtain signals in bi- 
nary bases (single ki value). The effect of the noise Nu on 
Bob's binary basis is negligible because < ir/2 and his 
decision on the bit value is easy; therefore, he obtains Ru 
(#6). From the received sequence Ri he forms bit blocks 
of length fcjvf and constructs a new base sequence ku- 
The next steps are similar to the first ones. Bob's PhRG 
(#12) generates signal containing bits Ru (#13) associ- 
ated to noise Nu (#14). The signal Y 2 = R2i+N 2 i+ku is 
sent over the communication channel (#8). The bit value 
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R 2 i is hidden by the overall noise N 2 i + ku (#15). From 
her knowledge of Ru (#6) and, therefore, ku (#14), Al- 
ice subtracts ku from Y 2 and obtains R 2i + N 2i (#16). 
On her binary basis she easily obtains R 2 i (#13). The 
first cycle is complete. A and B continue to exchange ran- 
dom sequences as in the first cycle. The shared sequences 
(i?ii, R 2 i, ...), after a privacy amplification process, are 
the random bits to be subsequently utilized for one-time- 
pad cipher. 

Note that while for noiseless signals Y\—b and Y 2 = b 
carrying a repeated bit 6, one has Y\ © Y\ — 0, noisy 
signals give Y\ = b + Ni and Yi — b + N 2 and, therefore, 
Yi © Yi = Ni + N 2 (= orl). This frustrates several 
correlation attacks. 



SOME SECURITY CONSIDERATIONS 

Security analyses were presented for the purely opti- 
cal counterparts of this M-ry key distribution system for 
Internet and are equally valid here. Ref. Q presented 
a bit-by-bit analysis and showed that the attacker's 
initial uncertainty on the whole sequence of shared bits is 
equal to her uncertainty of the starting shared sequence 
K o . This dependence on the first key shared key sequence 
Kq can be seen from the mutual information, defined by 



I(R : Y(R)) = H(R) - H(R\Y(R)) 



(3) 



I(R : Y(R)) is used to write the difference between the 
mutual information between B and E in one cycle of 
length L: 

AI = I B -J E 

= [H(R) - H(R\Y B (R))} - [H{R) - H{R\Y E {R))] 
= H(R\Y E (R))-H{R\Y B (R)) . (4) 

Eve's uncertainty on R given Y B (R) is maximal 
(H(R\Ye(R)) — > L) while Bob may obtain the whole se- 
quence R from Y B : H(R\Y B (R)) = 0. Therefore, AJ < L 
in the first cycle. Applying the chain rule 



H(L 1 ,L 2 ,...,L n \Y E )=Y J H{L i \Y,L l ,...,L i _ 1 ) > (5) 
one may see that 



i=l 



H(Li, L 2 , L n \Y E ) = 

=H(L 1 \Y e )+H{L 2 \Ye,L 1 )+H(L 3 \Y e ,L 1 ,L 2 )., (6) 

If the starting key (Ko with length L = L\) is open to 
Eve, she obtains L 2 (H(L 2 \Ye, Li) = 0) in the same way 
as Bob and also obtains all keys in the subsequent rounds. 
The noise level superposed to the bits sent are designed 
to hide each Lj from the attacker. Privacy amplification 
-a necessary step- applied to the shared bits discards 
information eventually leaked to the attacker and defines 
the final shared length of secure bits. 
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FIG. 2: Sketch of PhRG with a coherent light source. This 
modulus can be added externally or externally to a computer. 
The laser beam is divided by a beam splitter BS. The upper 
part shows a detecting system where signals Vi are generated 
corresponding to the sign of the generated signal with respect 
to the average signal intensity. These binary signals are con- 
verted into binary voltages Vr = that constitute fresh 
random bits to be shared by A and B. The bottom part shows 
an interferometer with an optical phase modulator (4> mod) in 
one of the arms. The laser beam is adjusted to an adequate 
intensity by a neutral density filter (or automatized filter). 
Voltage values Vk defining M-ry phase bases (e.g, M = 2) 
are added to Vr and applied to the phase modulator. Detec- 
tors at the interferometer output produce the phase signals 
carrying basis, bit and noise information shown in Fig. 0as 
Yi. 



THE PHYSICAL RANDOM GENERATOR 

Fig. |3 sketches the PhRG and the input Vk con- 
taining recorded bases information. The PhRG generate 
voltage signals corresponding to bits Vr- These signals 
are added to the basis information supplied by Vk and 
supplied to a phase modulator in one arm of an optical 
interferometer. Output light is detected and converted 
to phase signals (with respect to the laser field) that also 
contain phase noise associated with coherent light. These 
signals are written Yi in Fig. As shown in Refs. Q 
and 0], this phase modulation of coherent signals pro- 
duce signals that carry a phase uncertainty given by the 
Gaussian distribution 
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(7) 



where rj^ = y2/ (n) and (n) is the average number of 
photons in one bit. While several design variations are 
possible, Fig. |21 shows basic parts to be considered. For 
secure transmission of signals the physical randomness is 
necessary as no known mathematical algorithm has been 
proven to generate true random numbers. Several phys- 
ical sources may be used alternatively such as optical or 
thermal sources. However, optical sources can be much 
faster than the thermal ones and are therefore necessary 



4 



when speed is required. A PhRG can be seen as mod- 
ulus that can be hooked (internally or externally) to a 
computer linked to the Internet either in dedicated use 
or open to users such as in a cybercafe. In such a pub- 
lic system users may generate and record on portable 
memories a batch of secure keys or use them to exchange 
one-time-pad ciphered information. 

One may also wonder about the cost of a brute force at- 
tack to determine the starting key Kg from the transmit- 
ted signals. Under the assumption that the uncertainty 
presented to the attacker covers N a bases, the attacker 
would know that the basis ki used in a given transmission 
is around a given region within the uncertainty N a . For 
a M-ry system of uniformly spaced bases this amounts 
that only a set of less relevant bits b(k a ) in Eq. Q hide 
the correct basis. These b(k a ) bits could be permutated 
in b(k a )\ ways. As each bit could be either or 1 the 
total number of permutations to be searched for each bit 
emission would be (log 2 N a )\N a . For the total number 
of K{) bits the number of combinations would be 



C = 2 K °{log 2 N (7 )\N a 



(8) 



Under this example of a uniform ciphering wheel exem- 
plified by Eq. (|2J), it is understood that the attacker may 
know the fraction 1 — (N a /M) of the total number of 
shared bits fc M used by A and B to cipher a fresh gen- 
erated bit. For a sequence of L shared bits, Eve may 
obtain L[l — (N a /M)] bits among L because they were 
not covered by noise. These bits have to be subsequently 
discarded by A and B through privacy amplification pro- 
cesses. 



SIMPLIFIED BASES 

Use of a non-uniform set of bases leads to a more eco- 
nomical system: instead of a uniformly spaced circle of 
phases given by Eq. © one may use just a sector of phase 
values where the number of bases is just M = 2. See Fig. 
|3J The sector width or bases separation is made less than 
2N a . Therefore, all bases will be within the phase fluc- 
tuations caused by the noise Nj . Phase positions on this 
sector are given by 



1 - (-i) fe i« 



k i = 0, 1. 



(9) 



With this sector of phase bases the number of possible 
combinations for a brute force attack searching for all 
possibilities that may lead to Kq is C — 2 x 2 K ° . Rea- 
sonable Ko lengths could be, say, ~ 10 6 , 10 9 ; they give a 
number of combinations C to be tried that is not com- 
putationally feasible. 

Ref. derived explicit equations for the mutual in- 
formation of the process and showed numerical examples 
to quantify security in terms of the difference of the mu- 
tual information functions for A and B and A and E 




FIG. 3: A ciphering set of bases in a phase sector with M — 2. 
<T0 is the standard deviation in the phase caused by fluctua- 
tions in the light field. A<j>i is the spacing between two bases 
and should be kept A^i <C n/2. (n) is adjusted so that 
7r/2 > (7^, 3> A0i, e.g. (n) < 100. Two states or bits can be 
inscribed on each basis. Dark circles indicate positions for a 
bit and open circles give possible positions for a bit 1. 



(Iae = cIab i £ < 1). As has also been shown, the 
security of one sequence sent depends on the secrecy of 
the former sequence received. This is an a-priori condi- 
tion over which Iab > Iae follows. Statistically, the at- 
tacker may acquire some bits correctly and the legitimate 
users have to use privacy amplification protocols to elim- 
inate that possible amount of information acquired by 
Eve. Privacy amplification randomly reduce the number 
of bits to eliminate possible information leaked to Eve. 
A and B are able to share a large number of random se- 
quences R Kq before the bit reconciliation and privacy 
amplification steps severely shorten the length L of the 
sequences. These length reductions lead to a slow down 
of the process and eventually to its halt. A convenient 
minimum length L m i n can be chosen so that a new fresh 
sequence K restarts the whole process. See Ref. for 
a discussion on the distillation process. The amount of 
possible leakage can be estimated using mutual informa- 
tion functions as shown in Ref. p|. It was shown that a 
fraction 1 — / (/ ~ 0.9991 in the example given) could 
be compromised in every cycle; therefore, ~ 0.1% should 
be eliminated by privacy amplification protocols. As a 
result, the remaining fraction / of bits in every cycle is 
secure. A and B then succeed after many cycles in shar- 
ing a number of secure bits much larger than the initial 
shared sequence K o . With the example given in Ref. Q , 
after sharing ~ 10 3 L bits, ~ 660L (66%) will be distilled 
by privacy amplification. Renewal of fresh starting se- 
quences K was discussed in Refs. Q and p|. Ancient 
methods such as hand-to-hand delivery and steganogra- 
phy could be used for some applications. Even certi- 
fied key providers may be acceptable for some uses. The 
slow BB84 key distribution process could also be used to 
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distribute the starting sequences Kq with proven secu- 
rity; the speed of the key distribution process will then 
boosted by the Noise Secured Internet system described 
here. 



CONCLUSIONS 

It has been shown that two (or more) Internet users 
starting from a shared secret sequence of random bits 
K and adding a simple "hardware" modulus (PhRG) to 
their computers will succeed in generating a large number 
of secret keys to be used in one-time-pad cipher. The 
system works at optical speed and does not require any 
special Internet protocol. Signals associated with noise 
are generated in the PhRG and the signals to be sent 
are deterministic ones. The associated security is not 
related to protocols based on mathematical complexities 
in current use. This system is proposed as a possible new 
paradigm for a secure Internet. 
Email: geraldoabarbosa@hotmail.com 
Phone: Brazil(31)3441-4121 
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